Urgent NFS Help

Hi
i have an AIX 4.3.3.0 Machine. NFS is not working on this,
it seems that the request it stopping at the firewall..
How do i find out which port am i supposed to ask the fire wall administraotr to allow?

I do not see any port defined for NFS in the /etc/services file.
how do i find out which port nfs is using.
PLease let me know .. this is very urgent...

Look in /etc/rpc file for mountd RCP port frecuently used. I have found
the following procedure. Please take a read and comment your opinions.

How to mount a NFS filesystem through a firewall with fixed port.
In order to run the NFS through a firewall suggested you to open the
follwing ports:

111 for portmap
2049 for nfsd

You need to fix a port number for rpc.mountd daemon too.

The fix you need in order to keep rpc.mountd on a specific port is
IY20117, which ships bos.net.nfs.client 4.3.3.53.

Once you have the fix installed, stop the nfs daemons and run

# nfso -o nfs_use_reserved_ports=1

First, need to upgrade your NFS server (behind the firewall) to
bos.net.nfs.client to 5.1.0.10. The option for mountd to run on a
reserved port was introduced at this level (and with AIX 4.3.3, it was
introduced at bos.net.nfs.client 4.3.3.53). Once this is loaded, we can
continue....

Server configuration:
#vi /etc/services
->choose a port lower than 1024 that is not already taken, and configure
mountd as such, for example:
mountd 1001/udp
mountd 1001/tcp

With that done, we now know what port the nfs server will talk
over...1001 and 2049.
On the firewall, we need to ask that at least the following ports are
opened up for this transaction:
2049,1001 (just an example...can be whatever you want <1024), 111 (for
portmapper), and whatever port you are specifying your client to use
in your mount command.

Thanks for your input. It was very informative.
One more query,
if i want to bind the mountd process to a port number, why does it have to be less than 1024? cant i use any port number htat not taken.
Also do i need to allow the ports taken by rpc.statd and lockd in firewall as well? in which case i might have to bind those services to a pearticlar port as well?

Thanks once again.
I have checked and ensured that the fix u mentioned is already applied. and the parameter nfs_use_reserved_ports= 0

I want to change the above b=parameter but just wanted to confirm with you, the box in question is in a HACMP cluster so can i just go ahed and change the parameter... or do i have to do the same on the other machine in the cluster?

Also i was checking the /etc/rpc file, is the second column pertaining to the ports used by that service? coz in that case nfs and portmapper are using ports other that 2049 and 111.

Does it show the current port utilization? That means if i restart the NFS with the port utilization in the file change?

One more query (i hope i am not taking this too far) does the parameter nfs_use_reserved_ports decide wether NFS is using static or dynamic ports?

If a HACMP cluster then changes should be done in any single member. My
advice, check first in the main node and then apply the change in the
second one.

About /etc/rpc file, please don't modify it cause nfs will always use TCP
port 2049. What you have done is to make your mountd opens the same tcp
port for exporting filesystems to the network. If mountd always opens the
same port then you can open the firewall to traffic to this unique port.

About the nfs_use_reserved_ports parameter. Its does reserve client
communications over reserved ports. So your clients always connect on port
below 1024.

sorry to keep comming back.
Weel the problem is that i am the new admin here the old admin left and i have not documentation. More over i have never worked on a cluster before so please excuse me if you find my questions silly.

How do i know which is the main node? there are 3 machines. And what should i check for on the main node?

Copyright 1998-2015 Ziff Davis, LLC (Toolbox.com). All rights reserved. All product names are trademarks of their respective companies. Toolbox.com is not
affiliated with or endorsed by any company listed at this site.